(54) Title: MULTIPLE CRYPTOGRAPHIC KEY DISTRIBUTION
(57) Abstract

A method for generating data encryption keys providing an increased level
of security and versatility is provided for use with data communications
between a server and a client. According to this method, a Master Key (MK)
is stored in a secured area that is inaccessible to external systems. Also
stored in this secured area are several Series Numbers (SN). Based on one
of several offered mechanisms, an SN is selected. The selected SN is then
encrypted by a conventional data encryption algorithm, such as Data
Encryption Standard (DES), using the MK. Through use of the MK, the SN is
encrypted by the algorithm to generate a Derived Key (DK). The DK is then
used in a second conventional data encryption algorithm. This second
algorithm is used to encrypt data that is to be exchanged with an external
system, or used to authenticate access. It may also be used to generate an
electronic signature.

Multiple Cryptographic Key Distribution



Background of the Invention 

Field of the Invention 

The present invention relates generally to computer communications, and 
more specifically to a means for generating data encryption keys to provide an 
increased level of data security for communications between a server (such as a 
computer system) and a client (such as a smartcard). 

Related Art 

The increased use of computer systems to transmit and receive sensitive 
data has elevated concerns about data security. For example, recent
advancements in computer technology have provided consumer industries with
what are commonly known as smartcards. A smartcard resembles a plastic credit
card in size, shape, and construction. However, smartcards are essentially
computers manufactured on plastic cards. They generally comprise a 
microprocessor, primary memory, and secondary memory for data storage. 
Additionally, smartcards have input and output means for exchanging data with 
external systems. Smartcards store and process application specific data. 
Commonly, the application specific data is user-specific and pertains to personal 
and/or business accounts of the smartcard owner. 

An example of an application of smartcard technology may be found in the 
banking industry. For example, smartcards may be used to replace common 
Automated Teller Machine (ATM) cards. Conventional ATM cards merely store 
data generally used to identify and authenticate users to the ATMs. ATMs 
typically communicate with central computer systems in order to process requests 
by ATM customers. Often, communication line service outages prevent ATMs
from processing customer requests. 

Smartcards on the other hand, with their built-in active computer circuitry,
can provide much greater functionality. Smartcards
can process data independently of the ATM and the remote computer system. For
example, a smartcard that contains current account information such as balance
and credit data, may eliminate the need for remote communications between the
ATM and the central computer system, thereby decreasing ATM down time.
Moreover, smartcards can manage several different accounts at once, and enable
transfers and the like between such accounts. For example, people can use their
smartcard to pay their credit card bill by issuing a command to transfer funds
from their checking account to their credit card account. All information necessary for
the transfer is contained within the smartcard itself. Another advantage of 
smartcards is that they can communicate with several external systems, such as 
ATM machines, pay phones, and personal computer systems. 

Smartcard technology can also be used with telecommunication
technology such as wireless telephones and
other personal communications services (PCS). For example, a smartcard can
maintain user account information pertaining to a telecommunication service
provider and user specific features. The smartcard, when placed into a slot on a
wireless phone, will instruct the phone to send the user's identification and
authentication data to the originating switch on the service provider's telephone
network. In this way, the telephone network will automatically authenticate the
user and access the user's account to provide user-specific and/or system specific
features.

A significant consideration in the development and use of smartcard 
technology is data security. If a smartcard is to be used to access sensitive data 
regarding a user, certain measures of security are required to protect the user 
against unauthorized access. Likewise, if sensitive data is to be exchanged
between the smartcard and external systems, data encryption should be
implemented.

Smartcards in use today often use data encryption algorithms and 
encryption/decryption keys. The encryption/decryption keys are commonly
multi-bit combinations that enable data encryption algorithms to encrypt data in a
predictable manner. The encryption/decryption key is embedded within the
permanent memory of the smartcard, and is not accessible by people. Such keys
and data encryption methods are used to authenticate the use of the card and to
interface with the applications that reside within the external computer systems.
Data encryption provides for secure access to user accounts, secure data exchange
between the cards and the external systems, and electronic signatures that uniquely
and securely identify users to originate smartcard transactions. 

If such keys are compromised, the measure of security provided by the key 
is broken. A key is compromised when it becomes known to an unauthorized
user, such as a hacker. A hacker can break the code of a key, for example, with 
the use of a computer program that rapidly generates numerical combinations and 
tries each one as a key to gain access to the secured application. Eventually, the 
right combination is found and the key is broken. 

If a smartcard's key is compromised, great expenses are incurred. First, the
smartcard must be replaced, since the key is usually hard-coded (permanently
coded) into its memory. Even if the key is not hard-coded, the smartcard must
still be re-programmed and a new key must be downloaded into its permanent
memory storage device. Second, all external systems that communicate with the
card must be re-programmed with the card's new key. The cost of such
reprogramming and replacement can be very significant.

Summary of the Invention



A system and method for generating data encryption keys that provide an
increased level of security and versatility are provided. The invention is
particularly adapted for use with smartcard technology, but is also applicable to
other uses, as will be apparent to persons skilled in the art. The present invention
stores a Master Key (MK) in a secured area of permanent memory of a device
(such as a smartcard), that is inaccessible by humans and systems external to the
device. Also stored in this secured area of permanent memory and inaccessible
by external systems are several Series Numbers (SN). Based on one of several
offered mechanisms, one SN is selected. The selected SN is then encrypted by a
conventional data encryption algorithm, using the MK, to generate a Derived Key
(DK). The DK is then used in a second conventional data encryption algorithm.
This second algorithm is used to encrypt data that is to be exchanged with an
external system, or used to authenticate access. It may also be used to generate
an electronic signature.

By using a Derived Key (DK) as an encryption key in a second data 
encryption algorithm, an additional level of security and versatility are provided.
If the DK is compromised, a new DK is generated and the compromised DK is
discarded. This occurs through the use of multiple SN's and by altering the
mechanism that selects the SNs. The compromised DKs are discarded by
software changes only. This eliminates the need for replacing cards and 
reprogramming external systems with new encryption keys, whenever a key is 
compromised. 

An additional aspect of the present invention relates to its use with 
conventional Personal Identification Numbers (PIN). The smartcard may be 
programmed such that the mechanism that selects the SN is the entry of a PIN. 
Different PIN's will cause the selection of different SNs. If a DK is compromised,
the user need only enter another PIN. Only the right combination of DK and PIN
will cause the external system to authenticate the smartcard. 

The smartcard may also be programmed such that multiple sets of Series 
Numbers (SN) are encoded. This is especially relevant for smartcards that contain
multiple applications, such as several credit card accounts. Each set of SN's apply
to an individual application. A certain PIN will select a corresponding
set of SN's that relate to a certain application. Once the appropriate set of SN's
is selected, then an individual SN is selected for encryption based on a pre- 
determined mechanism. 

Further features and advantages of the invention, as well as the structure 
and operation of various embodiments of the invention, are described in detail 
below with reference to the accompanying drawings. In the drawings, like 
reference numbers generally indicate identical, functionally similar, and/or 
structurally similar elements. The drawing in which an element first appears is
indicated by the digit(s) to the left of the two rightmost digits in the corresponding
reference number.

Brief Description of the Figures 

The present invention will be described with reference to the 
accompanying drawings, wherein: 

Figure 1 is a block diagram illustrating the architecture of a client such as 
a smartcard according to the present invention; 

Figure 2 is a process flowchart illustrating the general operation of the 
present invention when used to authenticate client access to a server;

Figure 3 is a process flowchart illustrating the general operation of the
present invention when used to encrypt and decrypt data;

Figure 4 is a process flowchart illustrating the general operation of the
present invention, with the additional aspect of utilizing PIN codes; and

Figure 5 is a block diagram depicting the architecture of a server that 
communicates with clients according to the present invention. 

Detailed Description of the Preferred Embodiments 

Referring to Figure 1, a block diagram of the architecture of a smartcard
102 (also referred to herein as "client"), utilizing the present invention is shown.
While the invention is described for convenience in the context of a smartcard, it
will be appreciated that the invention applies to all applications that use
cryptographic keys that are subject to being compromised. To aid simplicity of
illustration, components of the smartcard that are not relevant to the invention are
not shown. Contained within the smartcard 102 is a secured area of permanent
memory 104 that is inaccessible to external systems. A Master Key (MK) 106,
and a plurality of Series Numbers (SNs) 108-1 through 108-n, are stored within
the secured area 104. The plurality of Series Numbers are each multiple bit
combinations that are permanently programmed into the smartcard 102.

External to the secured area of permanent memory 104 is a program that
includes a conventional data encryption algorithm (DEA1) 110. This program
(DEA1) executes in the smartcard 102. DEA1 110 may be any of several well
known standard algorithms used for encrypting data. Details and implementation
of such algorithms would be apparent to persons skilled in the relevant art(s). The
DEA1 110 receives an input and generates an output. The inputs to DEA1 110
are a selected series number (SSN) 116 and the MK 106. The output of DEA1
110 is a Derived Key (DK) 112.

The selected series number 116 is selected from the plurality of series 
numbers 108-1 through 108-n. A selection algorithm 114 that is executed by the
smartcard 102 is used to select the SSN 116. A unique DK 112 is generated by
DEA1 110 for each unique selected series number 116, in combination with the
MK 106. Thus, the generation of a Derived Key, DK, is a DEA1 function of the
MK and the SSN, such that DK = DEA1(MK, SSN). 

Figure 5 is a block diagram depicting the architecture of a server 502 that
communicates with clients such as the smartcard 102, according to the present
invention. A secured data storage area 504 is used to store a plurality of client
information blocks 506-1 through 506-n. Each client information block 506
comprises specific information pertaining to each client 102 that is pre-authorized
to communicate and conduct transactions with the server 502.

Each client information block (506-1 through 506-n) includes a plurality
of series numbers (such as 1SN1 ... 1SNn shown in client information block 506-1),
and a master key (such as 1MK shown in client information block 506-1).
Each client information block stored within the server contains identical data as
is stored in the corresponding client's permanent memory area 104. For example,
suppose that client information block 506-1, stored within the server 502,
corresponds to the client smartcard 102, as shown in Figure 1. In that case, the
master key 1MK, shown in client information block 506-1 is the same as the MK
106. Likewise the series numbers, 1SN1 ... 1SNn shown in client information
block 506-1, are the same as the series numbers 108-1 through 108-n, stored
within the smartcard 102.

External to the secured data storage area 504 is a program that includes 
a conventional data encryption algorithm (DEA1) 110. This program (DEA1)
executes in the server 502. DEA1 110 may be any of several well known standard
algorithms used for encrypting data. Details and implementation of such
algorithms would be apparent to persons skilled in the relevant art(s). The DEA1
110 receives an input and generates an output. The inputs to DEA1 110 are a
selected series number (SSN) 116 and master key such as 1MK shown in 506-1.
The output of DEA1 110 is a Derived Key (DK) 112.

The selected series number 116 is selected from the plurality of series 
numbers (1SN1 through 1SNn, for example). A selection algorithm 114 that
executes in the server 502 is used to select the SSN 116. The unique DK 112
that is generated by DEA1 110, is dependent upon the inputs to the DEA1 110,
namely the selected series number 116 and the master key such as 1MK shown in 
506-1. 

As shown by the use of common reference numbers, the selection 
algorithms 114 that are executed within the server 502 and the client 102 are 
functionally equivalent. Therefore both the client 102 and the server 502 will
generate the same selected series number, if the same plurality of series numbers
are used as inputs to both systems. Likewise, the data encryption algorithms
110 that are executed within the server 502 and the client 102 are functionally
equivalent. Therefore both the client 102 and the server 502 will generate the
same derived key 112, if the same inputs (namely the selected series number and
the master key) are used by both systems.

Note that at least one series number is selected to implement the additional 
level of data security according to the present invention. Many different methods
and/or different algorithms can be used to select a particular series number from
the plurality of series numbers according to the present invention. One method is
to use the same selection algorithm 114 in both the server 502 and the client 102.
In this case, the same SN is selected in both the server 502 and the client 102,
since they both use the same algorithm. Alternatively, only one system, either the
server 502 or the client 102 uses the selection algorithm. In this case, the output
from the selection algorithm is passed to the other system, so that both systems
generate common DKs. Several such examples of selection methods are discussed
below in order to demonstrate preferred ways to implement the present invention.
In addition to the examples below, many other variations are possible and as such,
these examples should not be construed to limit the scope of the present invention.

One method which may be used to select a SN 106 from the plurality of 
SNs is by using an algorithm 114 programmed within the smartcard 102 that 
generates a random number. The random number is used as an index to select a 
particular SN 116. The SSN 116 is subsequently passed to the server 502 in an
initialization transaction. The server 502 uses the SSN 116 received from the
smartcard 102, along with the MK associated with the smartcard, (1MK shown
in client information block 506-1, for example), to generate the same DK 112.
The smartcard 102 acts in a similar manner. Accordingly, the transaction is 
validated. 

A variation on the above method is to have the server 502 generate the 
SSN 116 to be used by both the server 502 and the smartcard 102. The same or 
similar random number generating algorithm 114 as described above resides in the
server 502. The selection algorithm 114 is used by the server 502 to select a SN
from the plurality of SNs (1SN1-1SNn, for example) contained in the information
506-1 block corresponding to the smartcard 102, thereby generating a SSN 116.
The SSN 116 is used by the server 502, along with the MK associated with the
smartcard 102 (1MK shown in client information block 506-1, for example), to
generate a DK 112 for the current transaction. The SSN 116 is passed to the
smartcard 102, where along with its internal MK 106, generates the same DK 112
via the DEA1 110 in the smartcard 102, thus validating the transaction.

Another example is to have the same selection algorithm 114 execute in 
both the client 102 and the server 502. The common algorithm 114 generates an
index based on a non-random figure, such as date or the time. The index is then
used by both the client 102 and the server 502 simultaneously to select a SSN
116, and generate a DK 112 for the session, as previously discussed herein.
Alternatively, this non-random type algorithm may be programmed within only
one of the systems and the SSN is passed to the other system, as described above,
for example, in an initialization transaction. 

A secret code that is assigned to a smartcard holder, commonly referred
to as a Personal Identification Number (PIN), can be used to select a particular
SN. Such a number for example, can be used as an index to select a SN, or can
be used as input to any number of different algorithms to generate
an index for the SN selection.

As can be seen, many different methods for SN selection are available and 
will work as long as the same procedure is used in both the smartcard 102 and the
server 502, or the actual SN 116 is passed from one system to the other. In this 
way, the SSN 110 that is used by the smartcard 102, as input to its DEA1 110, 
is identical to the SSN 110 used by the server 502, as input to the server's DEA1 
110, so that identical DKs 112 are generated by both systems. 

Referring now to Figure 2, a process flowchart illustrates the general 
operation of the present invention when used to authenticate client access to a 
server. In this example, the client may be a smartcard and the server may be a 
bank's ATM. The process begins in step 202, where the client requests access to
the server. In step 204, the server passes token 205 to the client. The token 205
is subsequently used as input during a data encryption step 212a performed by
the server and a data encryption step 212b performed by the client. Token 205 is
simply a number that will be used by both the server and the client during data
encryption step 212a and 212b, and must be the same for both to authenticate
access. The passing of the token in step 204 does not necessarily have to occur 
at this point in the process but should occur prior to steps 212a and 212b. 

The process continues within both the client and the server whereby each
system generates a derived key. Such processes occur in parallel within the client
and the server. Steps 206a through 212a depict the process steps taken by the
server and steps 206b through 212b depict the process steps taken by the client.

The server process begins with step 206a. In step 208a, the mechanism
that selects the SSN 116 is executed. As previously discussed, this mechanism
is typically an algorithm such as selection algorithm 114 that generates an index
number n, which is used to specify the SN to be used for the current transaction.
Other methods to select a SN could alternatively be used. The SSN 116 is made
known to the client, by either passing the SSN 116 to the client, or by running the
same or similar algorithm in the client as previously discussed herein, such that the
client generated SSN 116 is the same as the server generated SSN 116. The
method used by the client and the server is defined before the processing of the
flowchart of Figure 2. Such definition may be achieved via an initialization
transaction between the server and the client.

The SSN 116 is used as input to step 210a, which is the first Data
Encryption Algorithm (DEA1). A second input to DEA1
210a is the MK 106, which is common to and stored in both the client and the server,
as previously discussed. In step 210a, DEA1 uses the SSN 116 and the MK 106
to generate the derived key (DK) 112 to be used in the current transaction. A 
similar process for generating the same DK 112 executes in the client in steps 
206b through 210b. 

In both the client and the server, the derived key 112 is used in a second 
Data Encryption Algorithm (DEA2) in steps 212a and 212b to encrypt the token 
205. DEA2 may or may not be the same encryption algorithm used in DEA1.
As noted above, DEA1 and DEA2 are any well known encryption algorithm. The
token 205 is a common number to both the client and the server. Therefore, identical
results (214a and 214b) are obtained from the server's DEA2 212a and the
client's DEA2 212b. 

The client result 214b is passed to the server in step 216. The server 
receives the client result 214b in step 218. In step 220, the server compares the 
client result 214b with the server result 214a. If the client result 214b matches 
the server result 214a, then the server allows access, as indicated by step 222. If 
the client result 214b does not match the server result 214a, then the server does
not allow access, as indicated in step 224. 
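
The Figure 2 exchange as an added Python example (not code from the patent): both sides compute DK = DEA1(MK, SSN) and compare DEA2(DK, token), and the server stops selecting an SN once its DK is treated as compromised. HMAC-SHA256 stands in for the DES the page names, the server sends the SN's index rather than the SN itself, and the names `KeyStore`, `Server`, `dea`, `retire` and the sample keys are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def dea(key: bytes, data: bytes) -> bytes:
    """Keyed function standing in for DEA1 and DEA2.

    Assumption: HMAC-SHA256 replaces the DES named on the page. Figure 2 only
    compares the two results, so a one-way keyed function is sufficient.
    """
    return hmac.new(key, data, hashlib.sha256).digest()


class KeyStore:
    """MK plus series numbers: the card's secured area 104, or one client
    information block 506 on the server. Neither value is ever exported."""

    def __init__(self, master_key: bytes, series_numbers: list[bytes]):
        self._mk = master_key
        self._sns = list(series_numbers)

    def __len__(self) -> int:
        return len(self._sns)

    def derived_key(self, index: int) -> bytes:
        # DK = DEA1(MK, SSN)
        return dea(self._mk, self._sns[index])

    def result(self, index: int, token: bytes) -> bytes:
        # Steps 212a/212b: DEA2 keyed with the DK, applied to token 205.
        return dea(self.derived_key(index), token)


class Server:
    def __init__(self) -> None:
        self._blocks: dict[str, KeyStore] = {}
        self._retired: dict[str, set[int]] = {}
        self._pending: dict[str, tuple[int, bytes]] = {}

    def enroll(self, client_id: str, mk: bytes, sns: list[bytes]) -> None:
        self._blocks[client_id] = KeyStore(mk, sns)
        self._retired[client_id] = set()

    def retire(self, client_id: str, index: int) -> None:
        """Stop selecting an SN whose DK is known to be compromised."""
        self._retired[client_id].add(index)

    def challenge(self, client_id: str) -> tuple[int, bytes]:
        """Steps 204/208a: pick an SN index at random and issue a fresh token."""
        block = self._blocks[client_id]
        usable = [i for i in range(len(block)) if i not in self._retired[client_id]]
        if not usable:
            raise RuntimeError("all series numbers retired; card must be reissued")
        pending = (secrets.choice(usable), secrets.token_bytes(16))
        self._pending[client_id] = pending
        return pending

    def verify(self, client_id: str, client_result: bytes) -> bool:
        """Steps 218-224: compare results; each challenge is usable once."""
        pending = self._pending.pop(client_id, None)
        if pending is None:
            return False
        index, token = pending
        expected = self._blocks[client_id].result(index, token)
        return hmac.compare_digest(expected, client_result)


if __name__ == "__main__":
    # Constructed sample values, not real keys.
    mk = bytes(range(32))
    sns = [bytes([n]) * 8 for n in range(1, 5)]
    card = KeyStore(mk, sns)
    server = Server()
    server.enroll("card-1", mk, sns)

    index, token = server.challenge("card-1")
    answer = card.result(index, token)
    print("genuine card accepted:", server.verify("card-1", answer))
    print("replayed result accepted:", server.verify("card-1", answer))

    server.retire("card-1", index)  # treat this DK as compromised
    new_index, _ = server.challenge("card-1")
    print("retired SN reused:", new_index == index)
```

Retiring an index is a server-side change only, which corresponds to the software-only replacement of a compromised DK that the summary describes.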

Referring to Figure 3, a process flowchart illustrates another embodiment
of the present invention. In this example, the client may be a smartcard which
needs to pass a confidential number N1 304 to a server, which may be an external
computer system. In this example, the exchange of N1 304 must be kept secure.
Therefore, N1 is encrypted using the derived key 112, as is characteristic of
the present invention. The transaction of exchanging the confidential number N1
304 begins with step 302.

Steps 206a through 210a and steps 206b through 210b are the same

process steps as shown in Figure 2, used to produce the derived key 112 in the 
server and client respectively. Note that the token passing step 204 is not used in 
the process depicted by Figure 3. 

The DK 112 that is generated by the client process in step 210b is used as
a key for a second Data Encryption Algorithm (DEA2) in step 306. DEA2
accepts the number N1 304 as a first input and the DK 112 as a second input.
The output of DEA2 is an encrypted number EN1 308, which is passed to the 
server in step 310. 

In step 312, a decryption algorithm, which is the reverse of DEA2, is used
to regenerate the confidential number N1. In step 312, the server uses an
independently derived DK 112 as a first input and the received EN1 308 as a
second input. Using this method, N1 304 is exchanged between the client
(smartcard) and the server (external computer system) in an encrypted manner so
as to maintain security.

Furthermore, the specific encryption of N1 304 results from the use of a
common Derived Key 112, which is independently generated by both the client
and server. As with all of the methods described herein, if the DK 112 is
compromised, a new DK can be generated by both the client and server by
selecting a new SN. A new SN may be selected by using a different selection
algorithm, or by using the same selection algorithm with different inputs.
Accordingly, the present invention effectively removes the compromised DK from
use. Many methods may be used to implement the modification of the selection
algorithms used by the client and/or the server. For example, both the client and
the server may be manually reconfigured, or may be automatically reconfigured
via a transaction between the client and the server. Other implementations will be
apparent to persons skilled in the relevant art(s).

An additional aspect of the present invention will now be described with 
reference to the use of Personal Identification Numbers (PINs). PINs are 
commonly, but not necessarily, four digits in length. The smartcard 102 may be 
used for several different applications. For example, a single smartcard 102 may 
contain numerous credit card accounts. It may also contain multiple sets of SN's,
where each individual set corresponds to a different application and/or server. An
individual set of SNs is selected within the smartcard. A particular set of SN's is
selected by the smartcard, as the result of a user entering a particular PIN into the
server. Once a particular set of SNs is selected, the same process as previously
described above is used within the smartcard and the server to conduct secure 
transactions. In addition to providing a means of security, this method also 
provides a means for automatically selecting an application on a multi-application 
smartcard. 

Referring now to Figure 4, this operation of an additional embodiment is
illustrated. After the transaction begins in step 302, the server process begins as
step 206a indicates. A user inputs a particular PIN into the server as indicated by
step 402. The PIN 404 is passed to the client to be used as input to a series
number set selection process within the client. In step 406 a particular set of SN's
that corresponds to the particular application, such as an ATM bank account, is
selected, in the client, based on the PIN 404. The set of SNs may be similarly
selected in the server, as indicated by step 403. The process from this point on,
continues in the same manner as previously described, beginning with the SN
selection steps by both the client and the server as depicted by steps 208b and
208a respectively. Either steps 290 from Figure 2 or steps 390 from Figure 3 may
be performed, as indicated by step 490. 

While various embodiments of the present invention have been described
above, it should be understood that they have been presented by way of example
only, and not limitation. Thus, the breadth and scope of the present invention
should not be limited by any of the above-described exemplary embodiments, but
should be defined only in accordance with the following claims and their
equivalents.

What Is Claimed Is:

1. A system for secured data communication between a client and a server
comprising:
    a client comprising:
        a secure memory suitable for storing data that is inaccessible
        outside of said client;
        a master key stored within the secure memory;
        a plurality of series numbers; and
        a first encryption device coupled to said master key and said series
        numbers, to generate a first derived key from one of said series numbers,
        and said master key;
    a server in communication with said client, comprising:
        a server memory device;
        a plurality of master keys stored in the server memory device, each
        master key associated with a particular client that is pre-authorized to
        communicate and conduct transactions with the server;
        a plurality of sets of series numbers stored in the server memory
        device, each set associated with a particular client that is pre-authorized
        to communicate and conduct transactions with the server;
        a second encryption device, functionally equivalent to said first
        encryption device, to generate a second derived key from a series number
        from one of said sets of series numbers in said server memory device that
        corresponds to said client, and one of said master keys in said server
        memory device that corresponds to said client, said first and second
        derived keys being identical.

2. The system of claim 1, wherein the client further comprises a
selecting means for selecting a particular series number from said plurality
of series numbers.

3. The system of claim 2, wherein the server further comprises a
second selecting means for selecting a particular series number from said
set of series numbers that corresponds to said client.

4. The system of claim 3, whereby said second selecting means is
functionally equivalent to said first selecting means so that the same
particular series number is selected by both said first and second selecting
means.

5. The system of claim 2 wherein said selected series number is
communicated to the server so that the server may use the same series
number as the client.

6. The system of claim 3 wherein said selected series number is
communicated to the client so that the client may use the same series
number as the server.

7. The system of claim 2 wherein said
    means for accepting a personal identification number from a user;
    means for selecting a set of series numbers from said plurality of
    series numbers based on said personal identification number; and
    means for selecting a particular series number from said set of
    series numbers.

8. The system of claim 1, wherein said first and second derived keys
are used in subsequent encryption processes as encryption keys.

9. A method for secured data communication between a client and a
server, said client comprising a first encryption device, and a secure
memory suitable for storing data that is inaccessible outside of said client,
said server comprising a second encryption device and a memory device,
said method comprising the steps of:
    (1) storing, within the secure memory of the client, a master
    key;
    (2) storing, within the secure memory of the client, a plurality
    of series numbers; and
    (3) using said master key and said plurality of series of
    numbers by the client to validate and conduct transactions with said
    server.

10. The method of claim 9, wherein step (3) comprises the steps of:
    (a) selecting, by the client, a particular series number from the
    plurality of series numbers;
    (b) generating, by the client, a derived key using said master
    key and said selected number.

11. The method of claim 10, further comprising the steps of:
    (4) storing, within the memory device of the server, a plurality
    of master keys, each master key associated with a client that is
    pre-authorized to communicate and conduct transactions with said server;
    (5) storing, within the memory device of the server, a plurality
    of sets of series numbers, each set associated with a client that is
    pre-authorized to communicate and conduct transactions with said server;
    (6) selecting, by the server, a particular master key from said
    plurality of master keys, said particular master key being associated with
    said client; and
    (7) selecting, by the server, a particular set of series numbers
    from said plurality of sets of series numbers, said particular set of series
    numbers being associated with said client.

12. The method of claim 11, further comprising the steps of:
    (8) selecting, by the server, a particular series number from
    said particular set of series numbers;
    (9) generating, by the server, a derived key identical to said
    derived key generated in step (3)(b), by using said particular master key
    and said selected series number.

13. The method of claim 12, wherein the selection method of step (8)
is functionally ident^ so that both
the client and the server selects the same said particular series number.

14. The method of claim 10, wherein the client sends the selected
series number to the server so that the server may use the same selected
series number as the client.

15. The method of claim 9, wherein step (3) comprises the steps of:
    (a) accepting a personal identification number from a user;
    (b) selecting a set of series numbers from said plurality of
    series numbers based on said personal identification number;
    (c) selecting a particular series number from said set of series
    numbers; and
    (d) generating, by the client, a derived key using said master
    key and said selected series numbers.